Gregory P. Smith | 13 Jan 02:08 2008

Re: PEP: per user site-packages directory


On 1/12/08, Christian Heimes <lists <at> cheimes.de> wrote:
Christian Heimes wrote:
> MA Lemburg has suggested a per user site-packages directory in the
> "pkgutil, pkg_resource and Python 3.0 name space packages" thread. I've
> written a short PEP about it for Python 2.6 and 3.0.

Addition:
An user has requested a new option to suppress the user site packages
directory:

-s     : don't add user site directory to sys.path; also PYTHONNOUSERSITE

+0.5  Thanks for writing this up as a PEP.

My main suggestion was going to be the ability to turn it off as you already mentioned.  However, please consider leaving it off by default to avoid problems for installed python scripts importing user supplied code.  For shared hosting environments where this becomes really useful users can easily add the -s (or whatever flag is chosen) to their programs themselves.  I don't know what that'd mean on windows where #! lines don't exist.  Yet another file extension to imply the flag (yuck)?  A .cmd wrapper script to run python with the flag (ugh)?

For security reasons we also need it disabled when the getuid() != geteuid() to avoid user supplied code being executed as another user.  Defaulting to disabled would mean that security could be left up to the end user to mess up.  (many systems do not allow setuid #! scripts but this issue would still apply to things run under sudo)

-gps

_______________________________________________
Python-Dev mailing list
Python-Dev <at> python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: http://mail.python.org/mailman/options/python-dev/python-python-dev%40m.gmane.org

Gmane